Apache Guacamole 1.1.0 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability

Summary

Apache Guacamole 1.1.0 suffers from exposure of sensitive information to an unauthorized actor vulnerability

Credit:

The information has been provided by Mike Jumper

The original article can be found at:https://lists.apache.org/thread.html/r066543f0565e97b27c0dfe27e93e8a387b99e1e35764000224ed96e7@%3Cuser.guacamole.apache.org%3E


Details

Apache Guacamole 1.1.0 and older do not properly validate datareceived from RDP servers via static virtual channels. If a userconnects to a malicious or compromised RDP server, specially-craftedPDUs could result in disclosure of information within the memory ofthe guacd process handling the connection.

 

Vulnerable Systems:

Apache Guacamole 1.1.0

 

CVE Information:

CVE-2020-9497

 

Disclosure Timeline:
Published Date:7/2/2020

Categories: FeaturedNews